Sale!

Packt Hands On Web Penetration Testing with Metasploit 1st edition by Himanshu Sharma, Harpreet Singh ISBN 1789953529 978-1789953527

Original price was: $70.00.Current price is: $35.00.

Instant download Packt Hands On Web Penetration Testing with Metasploit 1789953529 after payment

SKU: EB_89872 Category:

Packt Hands On Web Penetration Testing with Metasploit 1st edition by Himanshu Sharma, Harpreet Singh – Ebook PDF Instant Download/Delivery:  1789953529, 978-1789953527
Full download Packt Hands On Web Penetration Testing with Metasploit 1st edition after payment


Product details:

ISBN 10: 1789953529
ISBN 13: 978-1789953527
Author: Himanshu Sharma, Harpreet Singh

Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you’ll explore another aspect of the framework – web applications – which is not commonly used. You’ll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing.

The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you’ll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you’ll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools.

By the end of this book, you’ll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.

Packt Hands On Web Penetration Testing with Metasploit 1st Table of contents:

  1. Introduction
  2. Introduction to Web Application Penetration Testing
  3. What is a penetration test?
  4. Types of penetration test
  5. White box penetration test
  6. Black box penetration test
  7. Gray box penetration test
  8. Stages of penetration testing
  9. Reconnaissance and information gathering
  10. Enumeration
  11. Vulnerability assessment and analysis
  12. Exploitation
  13. Reporting
  14. Important terminologies
  15. Penetration testing methodologies
  16. Open Source Security Testing Methodology Manual (OSSTMM)
  17. Operational security metrics
  18. Trust analysis
  19. Human security testing
  20. Physical security testing
  21. Wireless security testing
  22. Telecommunications security testing
  23. Data network security testing
  24. Compliance regulations
  25. Reporting with the STAR
  26. OSSTMM test types
  27. Information Systems Security Assessment Framework (ISSAF)
  28. Penetration Testing Execution Standard (PTES)
  29. Pre-engagement interactions
  30. Intelligence gathering
  31. Threat modeling
  32. Vulnerability analysis
  33. Exploitation
  34. Post-exploitation
  35. Reporting
  36. Common Weakness Enumeration (CWE)
  37. OWASP Top 10
  38. SANS TOP 25
  39. Summary
  40. Questions
  41. Further reading
  42. Metasploit Essentials
  43. Technical requirements
  44. Introduction to Metasploit Framework
  45. Metasploit Framework terminology
  46. Installing and setting up Metasploit
  47. Installing Metasploit Framework on *nix
  48. Installing Metasploit Framework on Windows
  49. Getting started with Metasploit Framework
  50. Interacting with Metasploit Framework using msfconsole
  51. MSF console commands
  52. Customizing global settings
  53. Variable manipulation in MSF
  54. Exploring MSF modules
  55. Running OS commands in MSF
  56. Setting up a database connection in Metasploit Framework
  57. Loading plugins in MSF
  58. Using Metasploit modules
  59. Searching modules in MSF
  60. Checking for hosts and services in MSF
  61. Nmap scanning with MSF
  62. Setting up payload handling in MSF
  63. MSF payload generation
  64. Generating an MSF payload using msfconsole (one-liner)
  65. Generating an MSF payload using msfvenom
  66. Summary
  67. Questions
  68. Further reading
  69. The Metasploit Web Interface
  70. Technical requirements
  71. Introduction to the Metasploit web interface
  72. Installing and setting up the web interface
  73. Installing Metasploit Community Edition on Windows
  74. Installing Metasploit Community Edition on Linux/Debian
  75. Getting started with the Metasploit web interface
  76. Interface
  77. Main menu
  78. Project tab bar
  79. Navigational breadcrumbs
  80. Tasks bar
  81. Project creation
  82. Default project
  83. Creating a custom project
  84. Target enumeration
  85. Using the built-in option
  86. Importing scan results
  87. Module selection
  88. Auxiliary module
  89. Using an exploit module
  90. Session interaction
  91. Post-exploitation modules
  92. Summary
  93. Questions
  94. Further reading
  95. The Pentesting Life Cycle with Metasploit
  96. Using Metasploit for Reconnaissance
  97. Technical requirements
  98. Introduction to reconnaissance
  99. Active reconnaissance
  100. Banner grabbing
  101. HTTP header detection
  102. Web robot page enumeration
  103. Finding hidden Git repos
  104. Open proxy detection
  105. Passive reconnaissance
  106. Archived domain URLs
  107. Censys
  108. SSL recon
  109. Summary
  110. Questions
  111. Further reading
  112. Web Application Enumeration Using Metasploit
  113. Technical requirements
  114. Introduction to enumeration
  115. DNS enumeration
  116. Going the extra mile – editing source code
  117. Enumerating files
  118. Crawling and scraping with Metasploit
  119. Scanning virtual hosts
  120. Summary
  121. Questions
  122. Further reading
  123. Vulnerability Scanning Using WMAP
  124. Technical requirements
  125. Understanding WMAP
  126. The WMAP scanning process
  127. Data reconnaissance
  128. Loading the scanner
  129. WMAP configuration
  130. Launching WMAP
  131. WMAP module execution order
  132. Adding a module to WMAP
  133. Clustered scanning using WMAP
  134. Summary
  135. Questions
  136. Further reading
  137. Vulnerability Assessment Using Metasploit (Nessus)
  138. Technical requirements
  139. Introduction to Nessus
  140. Using Nessus with Metasploit
  141. Nessus authentication via Metasploit
  142. Basic commands
  143. Patching the Metasploit library
  144. Performing a Nessus scan via Metasploit
  145. Using the Metasploit DB for Nessus scan
  146. Importing Nessus scan in the Metasploit DB
  147. Summary
  148. Questions
  149. Further reading
  150. Pentesting Content Management Systems (CMSes)
  151. Pentesting CMSes – WordPress
  152. Technical requirements
  153. Introduction to WordPress
  154. WordPress architecture
  155. File/directory structure
  156. Base folder
  157. wp-includes
  158. wp-admin
  159. wp-content
  160. WordPress reconnaissance and enumeration
  161. Version detection
  162. Readme.html
  163. Meta generator
  164. Getting the version via JavaScript and CSS files
  165. Getting the version via the feed
  166. Using Outline Processor Markup Language (OPML)
  167. Unique/advanced fingerprinting
  168. WordPress reconnaissance using Metasploit
  169. WordPress enumeration using Metasploit
  170. Vulnerability assessment for WordPress
  171. WordPress exploitation part 1 – WordPress Arbitrary File Deletion
  172. Vulnerability flow and analysis
  173. Exploiting the vulnerability using Metasploit
  174. WordPress exploitation part 2 – unauthenticated SQL injection
  175. Vulnerability flow and analysis
  176. Exploiting the vulnerability using Metasploit
  177. WordPress exploitation part 3 – WordPress 5.0.0 Remote Code Execution
  178. Vulnerability flow and analysis
  179. Exploiting the vulnerability using Metasploit
  180. Going the extra mile – customizing the Metasploit exploit
  181. Summary
  182. Questions
  183. Further reading
  184. Pentesting CMSes – Joomla
  185. Technical requirements
  186. An introduction to Joomla
  187. The Joomla architecture
  188. The file and directory structure
  189. Reconnaissance and enumeration
  190. Version detection
  191. Detection via a meta tag
  192. Detection via server headers
  193. Detection via language configurations
  194. Detection via README.txt
  195. Detection via the manifest file
  196. Detection via unique keywords
  197. Joomla reconnaissance using Metasploit
  198. Enumerating Joomla plugins and modules using Metasploit
  199. Page enumeration
  200. Plugin enumeration
  201. Performing vulnerability scanning with Joomla
  202. Joomla exploitation using Metasploit
  203. How does the exploit work?
  204. Joomla shell upload
  205. Summary
  206. Questions
  207. Further reading
  208. Pentesting CMSes – Drupal
  209. Technical requirements
  210. Introduction to Drupal and its architecture
  211. Drupal’s architecture
  212. Directory structure
  213. Drupal reconnaissance and enumeration
  214. Detection via README.txt
  215. Detection via meta tags
  216. Detection via server headers
  217. Detection via CHANGELOG.txt
  218. Detection via install.php
  219. Plugin, theme, and module enumeration
  220. Drupal vulnerability scanning using droopescan
  221. Exploiting Drupal
  222. Exploiting Drupal using Drupalgeddon2
  223. Understanding the Drupalgeddon vulnerability
  224. Exploiting Drupalgeddon2 using Metasploit
  225. The RESTful Web Services exploit – unserialize()
  226. Understanding serialization
  227. What is a POP chain?
  228. Deserializing the payload
  229. Exploiting RESTful Web Services RCE via unserialize() using Metasploit
  230. Summary
  231. Questions
  232. Further reading
  233. Performing Pentesting on Technological Platforms
  234. Penetration Testing on Technological Platforms – JBoss
  235. Technical requirements
  236. An introduction to JBoss
  237. The JBoss architecture (JBoss 5)
  238. JBoss files and the directory structure
  239. Reconnaissance and enumeration
  240. Detection via the home page
  241. Detection via the error page
  242. Detection via the title HTML tag
  243. Detection via X-Powered-By
  244. Detection via hashing favicon.ico
  245. Detection via stylesheets (CSS)
  246. Carrying out a JBoss status scan using Metasploit
  247. JBoss service enumeration
  248. Performing a vulnerability assessment on JBoss AS
  249. Vulnerability scanning using JexBoss
  250. Vulnerable JBoss entry points
  251. JBoss exploitation
  252. JBoss exploitation via the administration console
  253. Exploitation via the JMX console (the MainDeployer method)
  254. Exploitation via the JMX console using Metasploit (MainDeployer)
  255. Exploitation via the JMX console (BSHDeployer)
  256. Exploitation via the JMX console using Metasploit (BSHDeployer)
  257. Exploitation via the web console (Java applet)
  258. Exploitation via the web console (the Invoker method)
  259. Creating BSH scripts
  260. Deploying the BSH script using webconsole_invoker.rb
  261. Exploitation via JMXInvokerServlet (JexBoss)
  262. Exploitation via JMXInvokerServlet using Metasploit
  263. Summary
  264. Questions
  265. Further reading
  266. Penetration Testing on Technological Platforms – Apache Tomcat
  267. Technical requirements
  268. An introduction to Tomcat
  269. The Apache Tomcat architecture
  270. Files and their directory structures
  271. Detecting Tomcat installations
  272. Detection via the HTTP response header – X-Powered-By
  273. Detection via the HTTP response header – WWW-Authenticate
  274. Detection via HTML tags – the title tag
  275. Detection via HTTP 401 Unauthorized error
  276. Detection via unique fingerprinting (hashing)
  277. Detection via directories and files
  278. Version detection
  279. Version detection via the HTTP 404 error page
  280. Version disclosure via Release-Notes.txt
  281. Version disclosure via Changelog.html
  282. Exploiting Tomcat
  283. The Apache Tomcat JSP upload bypass vulnerability
  284. Tomcat WAR shell upload (authenticated)
  285. An introduction to Apache Struts
  286. Understanding OGNL
  287. OGNL expression injection
  288. Testing for remote code execution via OGNL injection
  289. Testing for blind remote code execution via OGNL injection
  290. Testing for OGNL out-of-band injection
  291. Struts 2 exploitation using Metasploit
  292. Summary
  293. Questions
  294. Further reading
  295. Penetration Testing on Technological Platforms – Jenkins
  296. Technical requirements
  297. Introduction to Jenkins
  298. Jenkins terminology
  299. The Stapler library
  300. URL routing
  301. Apache Groovy
  302. Meta-programming
  303. Abstract syntax tree
  304. Pipeline
  305. Jenkins reconnaissance and enumeration
  306. Detecting Jenkins using favicon hashes
  307. Detecting Jenkins using HTTP response headers
  308. Jenkins enumeration using Metasploit
  309. Exploiting Jenkins
  310. Jenkins ACL bypass
  311. Understanding Jenkins unauthenticated RCE
  312. Summary
  313. Questions
  314. Further reading
  315. Logical Bug Hunting
  316. Web Application Fuzzing – Logical Bug Hunting
  317. Technical requirements
  318. What is fuzzing?
  319. Fuzzing terminology
  320. Fuzzing attack types
  321. Application fuzzing
  322. Protocol fuzzing
  323. File-format fuzzing
  324. Introduction to web app fuzzing
  325. Fuzzer installation (Wfuzz)
  326. Fuzzer installation (ffuf)
  327. Identifying web application attack vectors
  328. HTTP request verbs
  329. Fuzzing HTTP methods/verbs using Wfuzz
  330. Fuzzing HTTP methods/verbs using ffuf
  331. Fuzzing HTTP methods/verbs using Burp Suite Intruder
  332. HTTP request URIs
  333. Fuzzing an HTTP request URl path using Wfuzz
  334. Fuzzing an HTTP request URl path using ffuf
  335. Fuzzing an HTTP request URl path using Burp Suite Intruder
  336. Fuzzing HTTP request URl filenames and file extensions using Wfuzz
  337. Fuzzing HTTP request URl filenames and file extensions using ffuf
  338. Fuzzing HTTP request URl filenames and file extensions using Burp Suite Intruder
  339. Fuzzing an HTTP request URl using Wfuzz (GET parameter + value)
  340. Fuzzing an HTTP request URl using Burp Suite Intruder (GET parameter + value)
  341. HTTP request headers
  342. Fuzzing standard HTTP headers using Wfuzz, ffuf, and Burp Suite
  343. Scenario 1 – Cookie header fuzzing
  344. Scenario 2 – User-defined cookie header fuzzing
  345. Fuzzing a custom header using Wfuzz, ffuf, and Burp Suite
  346. Scenario 3 – Custom header fuzzing
  347. Summary
  348. Questions
  349. Further reading
  350. Writing Penetration Testing Reports
  351. Technical requirements
  352. Introduction to report writing
  353. Writing executive reports
  354. Title page
  355. Document version control
  356. Table of contents
  357. Objective
  358. Defined scope
  359. Key findings (impact)
  360. Issue overview
  361. Strategic recommendations
  362. Writing detailed technical reports
  363. Title page
  364. Document version control
  365. Table of contents
  366. Report summary
  367. Defined scope
  368. Methodology used
  369. CVSS
  370. Vulnerability summary
  371. Conclusion
  372. Appendix
  373. Introduction to Dradis Framework
  374. Pre-installation configuration
  375. Installation and setup
  376. Getting started with Dradis
  377. Importing third-party reports into Dradis
  378. Defining the security testing methodology in Dradis
  379. Organizing reports using Dradis
  380. Exporting reports in Dradis
  381. Working with Serpico
  382. Installation and setup
  383. Getting started with Serpico
  384. Importing data from Metasploit to Serpico
  385. Importing third-party reports into Serpico
  386. User management in Serpico
  387. Managing templates in Serpico
  388. Generating reports in multiple formats
  389. Summary

People also search for Packt Hands On Web Penetration Testing with Metasploit 1st:

penetration testing hands on introduction to hacking pdf

hands on penetration testing on windows

hands-on web app pentesting

hands-on penetration testing for web applications

blackbox penetration test

Tags: Himanshu Sharma, Harpreet Singh, Packt Hands, Penetration Testing